0 Introduction

Formal (algebraic, combinatorial, logical) treatment of concurrent processes
and of distributed systems has started rather recently only, although concurrent
and distributed activities dedicated to common tasks are daily practice
and have always played an important role for human societies. The traditional
notions of computability are all based on the concept of a single person
fulfilling a task step by step. This is very explicit in Turing's work - and
even if the formalism would allow for consideration of concurrency, as in the
case of recursive functions defined by sets of equations, this possibility was
not discussed for a long time.

Nevertheless there are connections of the current theories of concurrency
to the different approaches to formalize the notion of effective computation:
Turing machines, $\lambda$-calculus and recursive functions. The two main
approaches to concurrency that will be described in the following, namely
Petri nets and abstract programming languages, are closely related to them.

A Petri net can be understood as a formalization of the joint work of a group
of people (see e.g. [Bra84] and [Bra87]); the abstract programming languages
are greatly influenced by the ideas of the $\lambda$-calculus (see e.g. [pfta88]);
their purpose is to prescribe what should be done by cooperating agents.

The rather recent intensification and broadening of work on concurrency
is certainly due to hardware developments - but the development of theoretical
informatics is also based on its own inherent impetus, in particular
on historical influences and on abstract (not hardware-oriented) ideas and
concepts (which often can be developed by looking at what human beings
do).

The  two  approaches  we  will  deal  with  are  quite  different,  from  the  formal 
and  technical  point  of  view  as  well  as  from  the  philosophical  one.  However,  I 
will  not  concentrate  on  their  distinctions,  but  treat  them  together  from  the 
perspective  of  specification  and  programming.  Since  in  the  case  of  distributed 
systems  there  is  no  clear  distinction  between  specification  and  programming 
notations  I  shall  use  often  the  more  general  term  “specification”  to  mean  also 
programming. 

The  following  five  parts  (corresponding  to  five  lectures)  are  mainly  based 
on  work  done  in  my  research  group,  in  particular  by  Astrid  Kiehn,  Dirk 
Taubner  and  Walter  Vogler. 

1  Abstract  Programming  Languages 

1.1  A  General  Abstract  Programming  Language 

Let  us  imagine  that  we  should  specify  a  distributed  system  composed  of 
several  agents  which  work  rather  independently  but  which  communicate  with 
each  other  (in  a  well  organized  way).  To  make  the  problem  easier,  we  abstract 
from  the  processing  of  data  and  take  as  a  basis  simply  a  countably  infinite 
alphabet 

$Alph$

of  (names  of)  actions  (assuming  also  that  the  occurrence  of  an  action  in  the 
specification  of  a  system  means  that,  in  the  realization  of  the  system  there 
will  be  an  agent  performing  this  action). 

Naturally  one  would  like  to  be  able  to  describe  simple  systems  like  finite 
non-deterministic  automata  -  however,  we  do  not  want  to  describe  their 
structure,  but  their  behaviour,  i.e.  what  they  should  do.  Therefore  we  use 
a  notation  similar  to  that  of  regular  expressions;  the  main  difference  is  that 
we  will  express  the  iteration  (Kleene  star)  by  recursion. 

In addition we obviously need an operator for some sort of parallel composition
which should include the possibility to prescribe communications
or joint actions of the composed systems. There are several operators in the
literature based on different ways of cooperation: the two subsystems may

-  operate completely independently

-  perform some actions jointly

-  communicate by performing complementary actions $a$ and $\bar{a}$ (establishing
a communication link) - the joint action $(a, \bar{a})$ having no effect to
the outside world (the communication is internal).

We  will  use  an  operator  which  encompasses  all  these  variants. 

Obviously we now need a complementary alphabet $\overline{Alph} := \{\bar{a} \mid a \in Alph\}$
and a notation ($\tau$) for an action without any (visible) effect. Naturally we
assume that $\bar{\bar{a}} = a$.

When  we  specify  a  system  we  take  the  point  of  view  of  an  observer  (or  a 
user)  who  watches  (or  interacts  with)  the  system  and  sees  the  effects  of  its 
actions,  i.e.  of  actions  from 


$Vis := Alph \cup \overline{Alph}$.

According to good programming practice we would also like to be able
to express hiding (abstraction) and renaming of actions. Both can be combined
in the operation of applying an action manipulation function $f$ to
a specification (it is convenient to write this operator in postfix notation).
So $af = \tau$ denotes that $a$ is hidden. We can use this operator also to disallow
(restrict) actions, if we extend its range by $\bot$, the symbol for non-action,
undefinedness etc. (i.e. $af = \bot$ means action $a$ is not allowed).

It  is  convenient  to  have  a  notation  for  unordered  pairs  (of  jointly  executed) 
actions: 


$EVis := \{\{a, b\} \mid a, b \in Vis\}$   ($\{a, a\} = \{a\}$)


The set of all actions is $Act := \{\tau\} \cup Vis \cup EVis$. Let moreover
$Act_\bot := Act \cup \{\bot\}$. We are now ready to define the syntax of the general abstract
programming language GAP (i.e. the language A in [Tau88]).

The  operators  (and  their  intuitive  meanings)  are: 


nil:  nullary operator (a system which is unable to perform any
action; which has stopped to work)

$a$:  unary operator, used in prefix notation for each $a \in \{\tau\} \cup Vis$
(called prefixing; if $S$ is a system, $aS$ is the system that can perform
first $a$ and then behaves as $S$)

$f$:  unary operator, used in postfix notation for each
$f \in Fun := \{f : Act_\bot \to Act_\bot \mid f(\bot) = \bot, f(\tau) = \tau\}$
(called action manipulation)

$+$:  binary operator, used in infix notation (called sum; $S + S'$
behaves either like $S$ or like $S'$, depending on whether the first
executed action belongs to $S$ or to $S'$)

$\#$:  binary operator, used in infix notation (called general parallel
composition; $S \# S'$ allows $S$ and $S'$ to work independently but also
to perform joint actions $\{a, b\} \in EVis$ provided that $S$, $S'$ can
perform $a$, $b$ respectively)

The notation for recursion is rec $r.S$, where $r \in Id$, a countably infinite
set of identifiers, and $S$ a system description in which $r$ might occur. (This
is similar to the definition of a parameterless recursive procedure $r$ with
procedure body $S$ together with an immediate call of $r$.)

As usual we have the notions of free and bound identifiers, we have to
use renaming of bound identifiers, we identify terms which differ only with
respect to bound identifiers, and we will always assume that the Barendregt
convention is obeyed, i.e. that in each collection of terms no identifier occurring
bound in one of the terms occurs also free in a term of this collection.

Now  the  syntax  for  GAP  is  given  by  the  grammar: 

S ::= nil | r | aS | Sf | S + S | S # S | rec r.S

where $r \in Id$, $a \in \{\tau\} \cup Vis$, $f \in Fun$. Let $Term_{GAP}$ be the set of all
terms defined by this grammar.

1.2  Derived  Operators 

Many of the operators used in the literature can be defined with the help of
the above; here are some examples. Let $S, S' \in Term_{GAP}$, $A \subseteq Vis$, then:

$S\ or\ S' := \tau S + \tau S'$ is the internal nondeterminism operator of
TCSP (without visible effect the system decides to
behave like $S$ or like $S'$)

$S \backslash A := S\{a \mapsto \tau \mid a \in A\}$ is the hiding operator of TCSP
(here as in the following we describe a function by
writing down all important argument-value pairs)

$S - A := S\{a \mapsto \bot \mid a \in A\}$ is the restriction operator of CCS

$S \mid S' := (S \# S')g$, where

$$ag := \begin{cases} a & \text{for } a \in Vis \cup \{\tau\} \\ \tau & \text{for } a = \{b, \bar{b}\} \in EVis \\ \bot & \text{otherwise} \end{cases}$$

is the CCS parallel composition.

$S \parallel_A S' := (S \# S')g_A$, where

$$ag_A := \begin{cases} a & \text{for } a \in \{\tau\} \cup Vis - A \\ b & \text{for } a = \{b, b\} \in EVis,\ b \in A \\ \bot & \text{otherwise} \end{cases}$$

is the TCSP parallel composition.

Milner's pure CCS, the perhaps most influential abstract programming
language, developed from the middle of the 70's on (see [Mil85] and [BRR87]),
is basically given by the following grammar

S ::= nil | r | aS | Sf | S - A | S + S | S|S | rec r.S

where $r \in Id$, $a \in \{\tau\} \cup Vis$,

$f \in Fun$, such that $f{\upharpoonright}EVis = \ \wedge\ \forall a \in Vis : af \in Vis \wedge \bar{a}f = \overline{af}$,

$A \subseteq Vis$, such that $a \in A$ implies $\bar{a} \in A$ (where $g{\upharpoonright}D$ denotes the
restriction of the domain of the function $g$ to $D$).

The classical operator of sequential composition of two systems is not
simply obtained from the prefixing operator, since we have allowed the construction
of systems which may never terminate their activities. We therefore
introduce a particular symbol $\surd$ (called tick) which indicates successful
termination. Let $Alph = Alph' \cup \{\surd, \surd_1, \surd_2\}$ where $Alph' \cap \{\surd, \surd_1, \surd_2\} = \emptyset$.

Then for $S, S' \in Term_{GAP}$

$S; S' := (Sg_1 \mid \overline{\surd_1} S') - \{\surd_1, \overline{\surd_1}\}$, where $g_1 = \{\surd_1 \mapsto \surd_2, \surd \mapsto \surd_1\}$

Another very important abstract programming language based on Hoare's
CSP ([Hoa78], see also [BRR87]) is TCSP; a slightly restricted variant can
be defined, using the above, by the following grammar:


S ::= V | r | Sf | S-A | S\A | S or S | S;S | S ||_A S | rec r.S
V ::= nil | aS | V + V

where $r \in Id$, $a \in Alph$, $A \subseteq Alph$, $f \in Fun \wedge f{\upharpoonright}(Act - Alph) = id \wedge
(Alph)f \subseteq Alph \wedge \forall a \in Alph : |af^{-1}| \in \mathbb{N}$.

The main omission is the operator $\Box$ of external choice, it is replaced by
$+$ which can be considered as $\Box$ restricted to operands which both begin by
a visible action (according to the subgrammar with start symbol V). More
on TCSP follows in part 2.

Examples: 

(1)  $rec\ r.((ar; b\surd nil) + \surd nil)$

An observer watching the system from a start action until a termination
will note a sequence of actions of the form $a^n b^n \surd$, $n \geq 0$.

(2)  $rec\ r.(0(rf) + \surd nil)$, where $af := \begin{cases} a + 1 & \text{if } a \in \mathbb{N} \\ a & \text{otherwise} \end{cases}$, can produce
each of the following action sequences:

$\surd,\ 0\surd,\ 01\surd,\ 012\surd,\ 0123\surd,\ \ldots$

(3)  $rec\ r.(rf + 0\surd nil)$, where $f$ is as above, produces only the actions $i\surd$
(where $i \in \mathbb{N}$) with increasing $i$ (beginning with 0) if it is restarted
again and again. For more details see [Tau88].


2  Semantics 

2.1  Interleaving  Operational  Semantics 

The traditional approach to the semantics of concurrent distributed systems
is based on the idea of an observer (or user) watching (or interacting with)
the system without any knowledge about its structure. This observer (user)
can only operate sequentially, so he will note (or cause) concurrent actions
of the system in some order - thus transforming concurrency into
nondeterminism.

More formally, we associate to a term of the language (i.e. in our case
GAP) a transition system (sequential automaton) $T$ over $Act$: $T = (Z, D, z)$,
where

$Z$ is the (possibly infinite) set of states,

$D \subseteq Z \times Act \times Z$ is the set of transitions
and $z \in Z$ is the start state.

Example (2) from part 1 gives the following transition system: Let $S_2$
denote the given term

[Figure: transition system with the states $S_2$, $S_2 f$, $S_2 ff$, ... and $nil$, $nil f$, $nil ff$, ...]


The  states  of  the  transition  system  for  a  term  S  are  terms  derived  from  S 
(where  S  is  the  start  state)  by  the  following  inference  rules  -  only  the  states 
reachable  from  the  start  state  are  interesting  and  need  to  be  constructed  in 
a  concrete  example. 


(act)   $(aS, a, S)$

where $R[S/r]$ denotes the term obtained from $R$ by substituting the term $S$
for every free occurrence of the identifier $r$ together with appropriate renaming
of bound identifiers to avoid name clashes.

Example  (3)  from  part  1  gives  the  transition  system 


If  we  consider  such  a  transition  system  (for  a  term  S)  as  an  automaton 
whose final states are those reached by a tick transition $(z, \surd, z')$, then the
formal  language  accepted  by  it,  is  the  set  of  all  sequences  of  observations  (or 
of  actions)  one  can  obtain  from  terminating  runs  of  an  implementation  of 
the  term  S. 

The  semantics  obtained  is  an  operational  one  constructed  according  to 
the  structured-operational  semantics  (SOS)  technique  introduced  by  Plotkin; 
the  semantics  of  the  parallel  composition  of  two  terms  is  the  interleaving  (or 
the  shuffle  product,  if  formal  languages  are  considered,)  of  the  semantics  (of 
the  sets  of  action  sequences)  of  the  components. 

Two terms have the same meaning with respect to this semantics if the
corresponding transition systems are equivalent - to compare only the sets
of action sequences does not suffice, since it does not say anything about the
nonterminating behaviour. There are several equivalence notions for transition
systems, we consider only the strong bisimulation equivalence (introduced
by Milner and Park), since practically all other equivalence notions
are weaker than this.

Let $T_i = (Z_i, D_i, z_i)$, $i = 1, 2$ be two transition systems. $T_1$ and $T_2$ are
strongly bisimular (notation: $T_1 \sim T_2$) if there is $B \subseteq Z_1 \times Z_2$ such that

•  $(z_1, z_2) \in B$

•  $\forall (z, z') \in B, a \in Act$:

(i)  $(z, a, z_0) \in D_1 \Rightarrow \exists z_0' : (z', a, z_0') \in D_2 \wedge (z_0, z_0') \in B$

(ii)  $(z', a, z_0') \in D_2 \Rightarrow \exists z_0 : (z, a, z_0) \in D_1 \wedge (z_0, z_0') \in B$.

Obviously  two  terms  with  bisimular  transition  systems  produce  the  same 
sets  of  action  sequences. 

Example: $S = a(rec\ r.ar) + b(rec\ q.aq)$ with $r \neq q$ has the transition


According to the Barendregt convention (see part 1) we wanted to identify
$rec\ r.ar$ and $rec\ q.aq$. Therefore $S$ should be identified with

$S' = (a\,rec\ r.ar + b\,rec\ r.ar)$

The transition system for $S'$ is

[Figure: transition system for $S'$, containing the state $rec\ r.ar$]


Both  transition  systems  are  strongly  bisimular.  For  further  information 
on  this  semantics  see  [Tau88]. 
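The definition of strong bisimulation above, worked through as an added example (not part of the original notes): the largest relation $B$ satisfying conditions (i) and (ii) is computed by starting from $Z_1 \times Z_2$ and deleting violating pairs. The function names, the explicit transition systems written down for $S$ and $S'$, and the second pair of systems (for $a(b\,nil + c\,nil)$ and $ab\,nil + ac\,nil$, which have the same action sequences but are not bisimular) are constructed here for illustration.

```python
from itertools import product

def successors(D):
    """Index a transition set D (triples (z, a, z0)) by (state, action)."""
    out = {}
    for z, a, z0 in D:
        out.setdefault((z, a), set()).add(z0)
    return out

def largest_bisimulation(t1, t2):
    """Largest B within Z1 x Z2 satisfying conditions (i) and (ii)."""
    (Z1, D1, _), (Z2, D2, _) = t1, t2
    s1, s2 = successors(D1), successors(D2)
    acts = {a for _, a, _ in D1 | D2}
    B = set(product(Z1, Z2))          # start with all pairs, then refine
    changed = True
    while changed:
        changed = False
        for z, zp in list(B):
            for a in acts:
                left = s1.get((z, a), ())
                right = s2.get((zp, a), ())
                # (i): every a-move of z is matched by an a-move of z'
                cond_i = all(any((z0, z0p) in B for z0p in right) for z0 in left)
                # (ii): every a-move of z' is matched by an a-move of z
                cond_ii = all(any((z0, z0p) in B for z0 in left) for z0p in right)
                if not (cond_i and cond_ii):
                    B.discard((z, zp))
                    changed = True
                    break
    return B

def strongly_bisimular(t1, t2):
    """T1 ~ T2 iff the pair of start states survives the refinement."""
    return (t1[2], t2[2]) in largest_bisimulation(t1, t2)

def traces(t, depth):
    """All action sequences of length <= depth from the start state."""
    _, D, z = t
    result, frontier = {()}, {((), z)}
    for _ in range(depth):
        frontier = {(w + (a,), z1)
                    for (w, z0) in frontier for (y, a, z1) in D if y == z0}
        result |= {w for w, _ in frontier}
    return result

# Transition systems of the example, written down by hand (constructed data).
T_S = ({"S", "rec r.ar", "rec q.aq"},
       {("S", "a", "rec r.ar"), ("S", "b", "rec q.aq"),
        ("rec r.ar", "a", "rec r.ar"), ("rec q.aq", "a", "rec q.aq")},
       "S")
T_S1 = ({"S'", "rec r.ar"},
        {("S'", "a", "rec r.ar"), ("S'", "b", "rec r.ar"),
         ("rec r.ar", "a", "rec r.ar")},
        "S'")

# Constructed counterexample: equal action sequences, not bisimular.
T_U = ({"u0", "u1", "nil"},
       {("u0", "a", "u1"), ("u1", "b", "nil"), ("u1", "c", "nil")}, "u0")
T_V = ({"v0", "v1", "v2", "nil"},
       {("v0", "a", "v1"), ("v0", "a", "v2"),
        ("v1", "b", "nil"), ("v2", "c", "nil")}, "v0")

if __name__ == "__main__":
    print(strongly_bisimular(T_S, T_S1))
    print(traces(T_U, 3) == traces(T_V, 3), strongly_bisimular(T_U, T_V))
```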
2.2 A Denotational Semantics with Simultaneity

We  will  now  refine  our  semantical  view.  If  the  observer  (or  the  user)  is  a  bit 
more  sophisticated  he  may  detect  (or  cause)  some  actions  simultaneously.  It 
is  obvious  that  for  the  analysis  of  a  concurrent  distributed  system  it  is  useful 
(and  sometimes  necessary)  to  be  able  to  describe  simultaneity  of  actions,  e.g. 
in  order  to  see  what  effect  to  execution  speed  the  increase  or  decrease  of  a 
number  of  processors  would  have. 

For  this  purpose  we  consider  a  TCSP  oriented  variant  of  GAP  (called 
GAPH),  take  the  (more  or  less)  standard  denotational  semantics  for  TCSP 
(which  however  is  an  interleaving  semantics)  and  equip  this  with  the  notion 
of  step,  which  comes  from  Petri  net  theory. 

A step is simply a finite multiset of actions which are performed simultaneously
- it need not be maximal with respect to the number of simultaneous
actions, since we assume that the components of the distributed system operate
asynchronously. Also null steps (which do not contain any action) are
allowed - they can be interpreted as idle steps but have nothing to do with
$\tau$-actions (which are not allowed in GAPH).

Since we allow for arbitrary simultaneity and are able to argue about
simultaneity in our semantics it is useful to introduce a new operator ($\#_B$)
in the language which allows to restrict simultaneity of certain actions (i.e.
$S \#_B$ has the effect that no step which has an element of $B$ as a substep can
be performed).

The syntax of GAPH is given by the following grammar:

S ::= nil | r | aS | Sf | S #_B | S [] S | S or S | S # S | rec r.S

where $r \in Id$, $a \in Alph$, $f \in Fun$, $B \subseteq M$, where $M$ is the set of all multisets
over $\Sigma := Vis \cup EVis$; $\emptyset$ denotes the empty multiset.

Apart from $\#_B$ it is the operator $\Box$ of external choice (external
nondeterminism) from TCSP, which offers a choice between two systems that is
resolved by the environment (and which generalizes the $+$ from GAP), that
makes the difference to GAP.

The semantics is defined using the standard denotational technique: We
first define a domain $\mathbb{F}$ (in our case a complete partial order) and then define
for each syntactic operator $op$ a corresponding continuous operator $op_{\mathbb{F}}$
on this domain. In order not to have to use environments we restrict our
considerations to closed terms (i.e. terms not containing free identifiers).
The elements of the domain are sets $F \subseteq M^* \times P(M)$ of pairs consisting
of a sequence of steps (the system may perform) and of a set of steps (the
system may refuse to perform after having performed the before-mentioned
steps).


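Example: $S = a\,nil \mathbin{\#} (a\,nil \mathbin{\Box} b\,nil)$, $Vis = \{a, b, \surd\}$

$S$ may perform the step $\begin{bmatrix} a \\ a \end{bmatrix}$ (or $\begin{bmatrix} a \\ b \end{bmatrix}$) or may perform the sequence
$[a][a]$ (or $[a][b]$ or $[b][a]$) of steps, and after that all steps (other than $\emptyset$) can
be refused; at the beginning only steps containing at least 2 simultaneous $b$'s
or at least 3 $a$'s or one $b$ and two $a$'s or containing the $\surd$ can be refused; after
one $a$ or one $b$ is performed in a single step only steps containing at least 2
simultaneous $a$'s, one $b$ or one $\surd$ can be refused. Therefore the step failure
semantics of $S$ is

$$\begin{aligned}
& \left\{ \varepsilon X \;\middle|\; X \subseteq \left\{ x \in M \;\middle|\; x \geq \begin{bmatrix} b \\ b \end{bmatrix} \vee x \geq \begin{bmatrix} a \\ a \\ a \end{bmatrix} \vee x \geq \begin{bmatrix} a \\ a \\ b \end{bmatrix} \vee x \geq [\surd] \right\} \right\} \cup \\
& \left\{ [a]X, [b]X \;\middle|\; X \subseteq \left\{ x \in M \;\middle|\; x \geq \begin{bmatrix} a \\ a \end{bmatrix} \vee x \geq [b] \vee x \geq [\surd] \right\} \right\} \cup \\
& \left\{ \begin{bmatrix} a \\ a \end{bmatrix} X, \begin{bmatrix} a \\ b \end{bmatrix} X, [a][a]X, [a][b]X, [b][a]X \;\middle|\; X \subseteq M - \{\emptyset\} \right\}
\end{aligned}$$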


For the description of the domain we need the concept of stretching of a
step sequence, i.e. of replacing the step sequence by a step sequence performing
the same individual actions in more (and smaller) steps; i.e. stretching
means partial sequentialization plus insertion of null steps. Thus we can
define the mapping $Stretch(w)$ inductively by:

$Stretch(\varepsilon) := \{\emptyset\}^*$

$Stretch(vx) := Stretch(v)\,\{x_1 x_2 \ldots x_n \in M^* \mid \sum_{i=1}^{n} x_i = x\}$.

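Definition: $F \subseteq M^* \times P(M)$ is an element of $\mathbb{F}$ iff

(1)  $\varepsilon\emptyset \in F$

(2)  $vw\emptyset \in F \Rightarrow v\emptyset \in F$

(3)  $wX \in F \wedge Y \subseteq X \Rightarrow wY \in F$

(4)  $wX \in F \wedge wy\emptyset \notin F \Rightarrow w(X \cup \{y\}) \in F$

(5)  $(\forall Y \in p(X) : wY \in F) \Rightarrow wX \in F$

(6)  $v\{\emptyset\} \in F \Rightarrow vwX \in F$

(7)  $wX \in F \wedge v \in Stretch(w) \Rightarrow vX \in F$

(8)  $wX \in F \wedge x \in X \wedge x \leq y \Rightarrow w(X \cup \{y\}) \in F$

(9)  $v\emptyset wX \in F \Leftrightarrow vwX \in F$

(10)  $(\exists^{\infty} a \in \Sigma : w[a]\emptyset \in F) \Rightarrow w\{\emptyset\} \in F$

It can be shown (see [TV]) that $(\mathbb{F}, \supseteq)$ is a cpo with bottom element
$\bot = M^* \times P(M)$.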

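Now we can define the operators $op_{\mathbb{F}}$ which we denote by the same symbols
as in the syntax.

$$\begin{aligned}
nil &:= \{wX \mid w \in \{\emptyset\}^* \wedge X \subseteq M - \{\emptyset\}\} \\
aF &:= \{vX \mid v \in \{\emptyset\}^* \wedge [a] \notin X \subseteq M - \{\emptyset\}\} \;\cup \\
&\qquad \{v[a]wX \mid v \in \{\emptyset\}^* \wedge wX \in F\} \\
F_1\ or\ F_2 &:= F_1 \cup F_2 \\
F_1 \mathbin{\Box} F_2 &:= \{wX \mid w \in \{\emptyset\}^* \wedge wX \in F_1 \cap F_2\} \;\cup \\
&\qquad \{wX \mid w \in \{\emptyset\}^* \wedge \varepsilon\{\emptyset\} \in F_1 \cup F_2 \wedge X \subseteq M\} \;\cup \\
&\qquad \{wX \mid w \notin \{\emptyset\}^* \wedge wX \in F_1 \cup F_2\} \\
F \#_B &:= \{w(X \cup Y) \mid w \in (M - {\uparrow}B)^* \wedge wX \in F \wedge Y \subseteq {\uparrow}B\} \;\cup \\
&\qquad \{wuX \mid (w\{\emptyset\} \in F \vee \emptyset \in B) \wedge w \in (M - {\uparrow}B)^* \wedge uX \in M^* \times P(M)\},
\end{aligned}$$

where $B \subseteq M$ and ${\uparrow}B := \{y \mid \exists x \in B : x \leq y\}$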

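To define $\#$ we need several auxiliary definitions. For each $t : Vis \times Vis \to \mathbb{N}$
we define the following three elements of $M$ (considered as mappings)

$$\pi_1(t)(a) := \begin{cases} 0 & \text{if } a \in EVis \\ \sum_{b \in Vis} t(a, b) & \text{if } a \in Vis \end{cases}$$

$$\pi_2(t)(a) := \begin{cases} 0 & \text{if } a \in EVis \\ \sum_{b \in Vis} t(b, a) & \text{if } a \in Vis \end{cases}$$

$$\varphi(t)(a) := \begin{cases} 0 & \text{if } a \in Vis \\ t(b, b) & \text{if } a = \{b, b\} \in EVis \\ t(b, c) + t(c, b) & \text{if } a = \{b, c\},\ b \neq c \end{cases}$$

Let $x_1, x_2$ be steps, then $x_1 \# x_2$ is defined by

$x \in x_1 \# x_2$ iff $\exists r_1, r_2 \in M,\ t : Vis \times Vis \to \mathbb{N}$ :
$x_1 = \pi_1(t) + r_1 \wedge x_2 = \pi_2(t) + r_2 \wedge x = r_1 + r_2 + \varphi(t)$

Let $v = x_1 x_2 \ldots x_n$ and $w = y_1 y_2 \ldots y_n$ be step sequences of equal length,
then

$v \# w = \{z_1 \ldots z_n \mid z_i \in x_i \# y_i,\ i = 1, \ldots, n\}$

Now for $F_1, F_2 \in \mathbb{F}$ we have

$$\begin{aligned}
F_1 \# F_2 := {} & \{wX \mid \exists w_1 X_1 \in F_1, w_2 X_2 \in F_2 : w \in w_1 \# w_2 \;\wedge \\
& \quad X \subseteq \{x \in M - \{\emptyset\} \mid \forall x_1, x_2 \in M : x \in x_1 \# x_2 \Rightarrow x_1 \in X_1 \vee x_2 \in X_2\}\} \;\cup \\
& \{wuX \mid \exists w_1 X_1 \in F_1, w_2 X_2 \in F_2 : w \in w_1 \# w_2 \;\wedge \\
& \quad \emptyset \in X_1 \cup X_2 \wedge u \in M^* \wedge X \subseteq M\}.
\end{aligned}$$

Also, to define $Ff$ for $f \in Fun$ we need several auxiliary definitions:

For $x \in M$ and $f \in Fun$ we have:

$xf$ undefined if $\exists a \in \Sigma : x(a) > 0 \wedge af = \bot$; in all other cases $xf$ is the
step (considered as a mapping from $\Sigma$ to $\mathbb{N}$) defined by

$$(xf)(a) := \sum_{b \in \Sigma,\ bf = a} x(b).$$

This implies in particular $\emptyset f = \emptyset$ for each $f \in Fun$.

Now

$xf^{-1} := \{y \in M \mid y{\upharpoonright}(\tau f^{-1} \cap \Sigma) = \emptyset \wedge yf = x\}$

and for $X \subseteq M$

$Xf^{-1} := \bigcup_{x \in X} xf^{-1}$.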
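Let $w = x_1 x_2 \ldots x_n$ be a step sequence, then

$$wf := \begin{cases} \text{undefined} & \text{if one } w_i \text{ undefined} \\ w_1 w_2 \ldots w_n & \text{otherwise} \end{cases}$$

where

$$w_i := \begin{cases} \varepsilon & \text{if } x_i f = \emptyset \neq x_i \\ x_i f & \text{otherwise} \end{cases}$$

Then for $F \in \mathbb{F}$ we get

$$\begin{aligned}
Ff := {} & \{wf(X \cup Y) \mid w(Xf^{-1} \cup \overline{\tau f^{-1}}) \in F \;\wedge \\
& \quad Y \subseteq \{y \in M \mid yf \text{ undef.}\}\} \;\cup \\
& \{(wf)uX \mid uX \in M^* \times P(M) \;\wedge \\
& \quad (w\{\emptyset\} \in F \vee \forall n \in \mathbb{N} : \exists u \in (\overline{\tau f^{-1}})^n : wu\emptyset \in F)\}
\end{aligned}$$

where for $A \subseteq Act$ we write $\overline{A} := \{[a] \mid \tau \neq a \in A\}$.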

The proofs that all these operators are continuous can be found partly
in [TV] - to prove that action manipulation (application of $f \in Fun$) is
continuous, one cannot simply generalize the technique used in [TV] for the
proof of the continuity of the hiding operator but has to go back to [Bro83].

The  step  failures  semantics  can  be  weakened  to  get  new  semantics  by 
restricting  the  notion  of  steps  and  of  refusals: 


-  if  only  null  or  singleton  steps  may  be  refused  we  get  the  simple  step 
failures  semantics 


-  if  steps  are  restricted  to  be  singletons  only  this  gives  the  standard 
(linear)  failures  semantics. 

Based on these notions of semantics we have different notions of equivalence.

Example:

$S := a\surd nil \parallel_{\emptyset} b\surd nil$

$T := ab\surd nil \mathbin{\Box} ba\surd nil$


Then $S$ and $T$ have the same linear failures semantics but different (simple)
step failures semantics and moreover

$S$, $S \mathbin{\Box} T$ and $S\ or\ T$ have the same simple step failures semantics but
in the step failures semantics $S$ and $S \mathbin{\Box} T$ have the same semantics while
$S \mathbin{\Box} T$ and $S\ or\ T$ have different semantics.




3  Petri  Nets 

3.1  Basic  Ideas 

Firstly  we  will  consider  (distributed  concurrent)  systems  with  the  goal  to 
develop  a  formalism  that  describes  the  structure  as  well  as  the  dynamic 
behaviour  of  such  systems.  Using  this  formalism  one  can  then  specify  new 
systems  (which  are  to  be  built)  also. 

The  basic  assumptions  from  which  we  start  are: 

-  Systems are composed of subsystems, which can communicate with
each other (and with the environment) by sending and receiving messages
(or other objects).

-  The  subsystems  can  be  relatively  independent  of  each  other  (e.g.  they 
can  be  distributed  widely). 

-  The  behaviour  of  a  system  is  determined  by  processes  which  are  running 
in  subsystems  and  which  consist  of  changes  of  the  states  of  subsystems 
by  actions  (of  communication  or  transport). 

The  formal  model  is  developed  according  to  the  following  principles. 

(1)  States and actions (of state change) are both explicitly represented.

(2)  States (resp. actions) of the subsystems are not combined together to
form global states (resp. actions) of the whole system; they are represented
separately.

Consequence: We better represent these systems by (at least)
two-dimensional graphics.

(3)  The transport of an object (or a message) in the system can be considered
as a state change. State changes can also be considered as actions
of transport of objects (i.e. messages).

Consequences: For our formal description we need exactly 2 types of
components and a notation for the objects and their position:

-  active components (from a set $T$ of so-called transitions, graphically
represented by □) for the representation of actions

-  passive components (from a set $S$ of so-called places graphically
represented by ○) for the representation of (local) states (of
subsystems).

-  As objects we consider (in the simplest version we want to discuss
here) only simple tokens (graphically represented by a dot •) which
are available in a place or not (⊙ or ○).

(4)  The amount of state change caused by one action is constant (i.e. always
the same if the action occurs - independent of other circumstances)

Consequence:  Each  action  component  is  connected  to  a  fixed  number  of 
passive  (state)  components,  which  are  subject  to  change  by  this  action. 
Thus  the  system  can  be  represented  as  a  bipartite  graph  with  node  set 
S  U  T,  where  no  two  nodes  of  the  same  type  are  connected.  Since  state 
change  is  represented  by  taking  away  or  adding  tokens  the  graph  will 
be  directed  (according  to  the  direction  of  the  flow  of  objects). 

Example: Traffic light

[Figure: net of a traffic light, with a place labelled "red"]


(5)  An  action  can  take  place  (is  enabled)  if  the  state  changes  to  be  produced 
by  it  are  possible;  but  the  action  need  not  take  place  if  it  is  enabled 
such  that  by  other  actions  it  may  be  disabled  again. 
3.2 Formal Definitions

There  are  several  ways  to  formally  describe  the  class  of  Petri  nets  described 
above.  The  usual  definition  is  the  graph  theoretic  one,  treating  places  and 
transitions  equally: 

(1)  A place/transition net (P/T net) is a triple $N = (S, T, F)$, where $S$
and $T$ are the disjoint sets (of places and transitions) and
$F : S \times T \cup T \times S \to \mathbb{N}$ (the flow relation).

Often  one  considers  labelled  P/T- nets,  where  different  transitions  may  be 
equally  labelled;  i.e.  one  adds  a  labelling  function  /  from  T  to  a  set  of  labels. 
If  one  wants  to  focus  attention  on  the  transitions  (labelled  by  actions  from  a 
set  Act  of  actions)  then  the  following  is  more  convenient.  Let  M(S)  be  the 
set  of  multisets  over  S. 

(2)  A P/T-net over $Act$ is a pair $(S, D)$ where $S$ is the set of places,
$D \subseteq M(S) \times Act \times M(S)$ is the set of labelled transitions (together with
the weighted arrows connecting the related places) (for this notation
see [Gol88]).

For  more  algebraic  considerations  a  third  definition  seems  to  be  promising 
(see  [DMM89]). 

(3)  Let $S^{\oplus}$ be the free commutative monoid on $S$ (if $S$ is finite, the elements
of $S^{\oplus}$ are the multisets over $S$), then an mP/T-net is a quadruple
$N = (S^{\oplus}, T, \sigma, \theta)$, where $T$ is the set of transitions and $\sigma, \theta : T \to S^{\oplus}$
are mappings associating to every transition its pre-multiset and its
post-multiset (places with the weighted arrows connecting them to the
transition).

In the following we only consider P/T-nets where all weights of arrows
are 1, i.e. where (in def. (1)) $F$ maps into $\{0, 1\}$, i.e. where instead of $M(S)$
we can use $P(S)$ in definition (2) - moreover we will use definition (2). And
we briefly call these particular P/T-nets only nets.

A marking of a net is a mapping $M : S \to \mathbb{N}$. A transition $(S_1, a, S_2)$
is enabled at a marking $M$, if $S_1 \leq M$.

A transition $d$, enabled at a marking $M_1$, may occur; if it occurs it produces
the marking $M_2 := (M_1 - S_1) + S_2$; this is usually denoted by $M_1[d\rangle M_2$.
This notation is extended to arbitrary words over $D$ by $M[\varepsilon\rangle M$ and

$M_1[ud\rangle M_3$ iff $\exists M_2 : M_1[u\rangle M_2 \wedge M_2[d\rangle M_3$. Moreover we write $[M\rangle$ for the set
of all markings reachable from $M$.

A net $(S, D)$ with a marking $M$, called a marked net, is denoted as triple $(S, D; M)$.

3.3 Syntax-Driven Construction of Nets from GAP Terms

If we consider GAP as a specification language for concurrent systems and
nets as formal descriptions of concurrent systems, it is natural to ask whether
GAP terms can be represented as nets. Obviously the actions of GAP have
to be represented by transitions, all the actions which may be performed
before any other action have to be enabled by an appropriate marking; to
the operators on terms should correspond operators on nets; i.e. we look for
a syntax-driven modular net construction. Moreover we aim at "minimal"
markings, i.e. mappings $S \to \{0, 1\}$, which we represent as subsets of $S$. In
a first step we do not consider recursion. We again denote the operators in
the same way as in GAP.

$nil := (\{s\}, \emptyset; \{s\})$

Let $N = (S, D; Z)$ be a marked net, then

$aN := (S \cup \{s\}, D \cup \{(\{s\}, a, Z)\}; \{s\})$

for $a \in Vis \cup \{\tau\}$.

$Nf := Reach(S, D^f; Z)$, i.e.

the subnet reachable from the initially enabled transitions
of the net $(S, D^f; Z)$, where $D^f = \{(M_1, af, M_2) \mid
(M_1, a, M_2) \in D \wedge af \neq \bot\}$

To  define  the  operator  +  we  introduce  a  restriction  on  the  syntax:  we 
allow  only  nets  with  a  single  marked  place  as  operands  (corresponding  to 
GAP terms of the form $aP$) - otherwise problems would arise.

Let $N_i = (S_i, D_i; \{z_i\})$, $i = 1, 2$ be marked nets with $S_1 \cap S_2 = \emptyset$, then:

$$N_1 + N_2 := Reach(S_1 \cup S_2 \cup \{z\}, D_1 \cup D_2 \cup D_+; \{z\}),$$

where $z \notin S_1 \cup S_2$ and

$$D_+ = \{(\{z\}, a, M) \mid (\{z_1\}, a, M) \in D_1 \vee (\{z_2\}, a, M) \in D_2\}$$

Let $N_i = (S_i, D_i; Z_i)$, $i = 1, 2$ be arbitrary marked nets with $S_1 \cap S_2 = \emptyset$, then:

$$N_1 \parallel N_2 := (S_1 \cup S_2, D_1 \cup D_2 \cup D_+; Z_1 \cup Z_2),$$

where

$$D_+ = \{(M_1 \cup M_2, \{a_1, a_2\}, M_1' \cup M_2') \mid \forall i \in \{1, 2\} : a_i \in Vis \wedge (M_i, a_i, M_i') \in D_i\}$$

Example: Let $P := a\,nil + b\,nil$, $Q := c\,nil$.
Then $P \parallel Q$ is represented by the net

The main problem is the modelling of recursion. Therefore we make another syntactical restriction: We consider only recursion terms of the form $rec\,p.\tau Q$. It can however be shown (see [Tau88]), that semantically this is not restrictive. An important goal of the construction is to obtain finite nets in as many cases as possible. The grammar for the terms to which we associate Petri nets now is as follows

$$S ::= nil \mid p \mid aQ \mid S + S \mid rec\,p.\tau Q$$
$$Q ::= S \mid Qf \mid Q \parallel Q.$$




The key idea for modelling recursion is based on Milner's construction of a finite extended transition for a CCS term (for details see [Tau88]); i.e. we enlarge the notion of a net by a means for representing identifiers and action manipulation functions: An extended net is a quadruple $N = (S, D, E; Z)$ where $(S, D; Z)$ is a net and

$$E \subseteq \mathcal{P}(S) \times Idf \times Fun_\bot$$ (the set of extensions)

($Fun_\bot$ is the set of action manipulation functions $Fun$, enlarged by the special element $\bot$, $\bot \notin Fun$)

An extension can be considered (and depicted) as a special transition with no post-set.

For $p \in Idf$ we then get the net representation

$$p := (\{z\}, \emptyset, \{(\{z\}, p, id)\}; \{z\})$$

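All the other net constructions above must now be enlarged by appropriate extension sets $E'$

$nil$: $E' := \emptyset$

$Nf$: $E' := \{(M, p, gf) \mid (M, p, g) \in E \wedge g \ne \bot\} \cup \{(M, p, \bot) \mid (M, p, \bot) \in E\}$

$N_1 + N_2$: $E' := E_1 \cup E_2 \cup E_+$ where
$E_+ := \{(\{z\}, p, f) \mid (\{z_1\}, p, f) \in E_1 \vee (\{z_2\}, p, f) \in E_2\}$.

$N_1 \parallel N_2$: $E' := \{(M_1 \cup M_2, p, f) \mid (M_1, p, g) \in E_1 \wedge M_2 \in [Z_2\rangle_2 \wedge (f = g \vee f = \bot \wedge \exists (U, a, U') \in D_2 \cup E_2 : U \subseteq M_2) \vee (M_2, p, g) \in E_2 \wedge M_1 \in [Z_1\rangle_1 \wedge (f = g \vee f = \bot \wedge \exists (U, a, U') \in D_1 \cup E_1 : U \subseteq M_1)\}$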

To define the recursion operator for extended nets we need some more notations:

For $r \in Idf$ and $N = (S, D, E; Z)$ where $\bot \notin E(r) := \{f \in Fun_\bot \mid (M, r, f) \in E\}$ define

$$F := \{id \cdot f_1 \cdot \ldots \cdot f_n \mid n \ge 0, f_i \in E(r)\},$$ and

for $f \in F$ let $(S_f, D_f, E_f; Z_f) := Nf$ such that $f \ne g$ implies $S_f \cap S_g = \emptyset$. Then

$$rec\,r.\tau N := Reach\Big(\{z\} \cup \bigcup_{f \in F} S_f,\ \{(\{z\}, \tau, Z_{id})\} \cup D_+ \cup \bigcup_{f \in F} D_f,\ \bigcup_{f \in F} \big(E_f - \mathcal{P}(S_f) \times \{r\} \times Fun\big);\ \{z\}\Big)$$

where $z \notin S_f$ for all $f \in F$ and

$$D_+ = \{(M, \tau, Z_g) \mid (M, r, g) \in \bigcup_{f \in F} E_f\}$$

Example: $rec\,p.\tau a(nil \parallel bp)$ gives the net


4  Semantics  of  Petri  Nets 

The simplest operational semantics of a marked net $(S, D; M)$ is the subset of all words $w \in D^*$ which denote sequences of occurrences of transitions starting from the marking $M$; one can refine this notion by considering an additional marking (or a set of markings) and take only those words in $D^*$ which lead from $M$ to this (these) marking(s). Thus a Petri net can be seen as a device to produce formal languages - and, indeed, there is a large body of interesting results on the formal languages of Petri nets; for details see the paper by M. Jantzen in [BRR87].

As  Petri  nets  are  meant  to  model  not  only  relational  systems  (which 
accept  input,  produce  output  and  stop)  but  also  reactive  systems  (which 
are  running  all  the  time  and  react  to  interactions  by  users),  it  is  useful  to 
study also the infinite behaviour of nets - the simplest way to do it is to study infinite sequences of transition occurrences possible in a net (see the papers by Carstensen in [CJK88] and by Valk in [BRR87]).

Since Petri nets should describe concurrent systems, it is also sensible to look for semantics that model concurrency more explicitly. Obviously the notion of steps (see part 2) can be used. A step of a net $(S, D)$ is a multiset over $D$. The step $x$ is enabled at a marking $M$ if for each $s \in S$

$$\sum_{d \in D} x(d) \cdot pr_1(d)(s) \le M(s)$$

where $pr_1(d) = S_1$ if $d = (S_1, a, S_2) \in \mathcal{M}(S) \times Act \times \mathcal{M}(S)$.

Now we can define finite (and infinite) step occurrence sequences in analogy to transition occurrence sequences.

Obviously  we  can  also  transfer  the  notion  of  a  failures  set  to  Petri  nets 
(see  e.g.  the  paper  by  Vogler  in  [CJK88]). 

But Petri nets offer other interesting formalisms for describing the concurrent processes going on in a distributed system: One can represent these processes again as nets.

One  possibility  is  to  unfold  a  net  (like  one  can  unfold  a  while-loop  into  a 
sequence  or  a  transition  system  into  a  tree). 

Example:  (from  the  paper  by  Winskel  in  [BRR87]) 


If one is only interested in the actions (the transitions) and the dependencies between the events of transition occurrences then one can erase the places in the unfolded net; one then obtains a so-called event structure - for more details on this very powerful semantical structure for describing concurrent processes see the paper by Winskel in [BRR87].

Instead of representing all possible processes in one unfolded net, one can separate them: beginning with an initial marking only that part of the unfolding is kept where the tokens flow through during a process. Then one marked net will be represented by a possibly infinite set of possibly infinite nets in which each place is in the preset of at most one transition only. For more details on the theory of these nonsequential processes see the paper by Fernandez in [BRR87] and the book [BF88].

If  one  suppresses  the  places  in  the  nonsequential  process,  then  one  gets 
partial  orders  labelled  with  (the  names  of)  transitions  -  these  labelled  partial 
orders  can  be  considered  as  generalizations  of  words  over  the  set  of  labels 
(words  being  linear  labelled  partial  orders);  therefore  they  are  often  called 
partial  words.  From  the  language  of  partial  words  defined  by  a  Petri  net  one 
can  easily  obtain  the  language  of  transition  sequences  as  well  as  the  language 
of  step  sequences.  For  more  details  see  [Kie88]  and  the  paper  by  Kiehn  in 
[Roz88]. 

There  is  one  other  quite  interesting  idea  to  give  a  non-interleaving  (i.e. 
concurrency  and  nondeterminism  distinguishing)  semantics  for  (non-labelled) 
Petri nets. Let us imagine an observer (as in 2.1). We now ask: what minimal global, structural information on the net do we need in order to infer from one observation sequence all other sequences possible by starting at the same marking? The answer (given by Mazurkiewicz, see his paper in [BRR87]) is: We only need to know which pairs of transitions are (always) independent such that they can be permuted in each transition sequence.

The original definition of independency of transitions has been generalized by Diekert (see [Die89]); it can however be further generalized as follows: Transitions $t, t'$ are dependent iff $t = t'$ or $pr_3(t) \cap pr_1(t') \ne \emptyset$ or $pr_3(t') \cap pr_1(t) \ne \emptyset$. It is however not clear what properties this generalized theory will have, since the extension of Mazurkiewicz's idea from the class of marked nets where each place can hold at most one token to general marked P/T-nets has some inherent difficulties lying in the fact that in the general case the permutability of transition occurrences in an observed sequence depends on the marking and not only on the structure of the net.

Example:


The  main  advantage  of  this  approach  is  the  following:  The  independency 
relation  I  on  the  set  T  of  transitions  can  be  used  to  define  the  free  partially 
commutative monoid $T^*/I$ of so-called traces (i.e. congruence classes of
words  with  respect  to  permutation  of  independent  transitions);  the  semantics 
of  a  net  then  becomes  a  subset  of  such  a  monoid;  these  monoids  can  be  studied 
by  algebraic  techniques  (see  [Die89]). 
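A small illustration of the trace monoid T*/I described above, added here and not taken from the paper: it enumerates the congruence class of a word and computes its Foata normal form, one standard canonical representative of a trace. The transitions a, b, c and the independence relation are constructed sample data.

```python
def independent(x, y, indep):
    """True if the distinct transitions x and y are declared independent."""
    return x != y and frozenset((x, y)) in indep

def trace(word, indep):
    """Congruence class of `word` in T*/I: closure under swapping
    adjacent independent transitions."""
    seen, todo = {word}, [word]
    while todo:
        w = todo.pop()
        for i in range(len(w) - 1):
            if independent(w[i], w[i + 1], indep):
                v = w[:i] + w[i + 1] + w[i] + w[i + 2:]
                if v not in seen:
                    seen.add(v)
                    todo.append(v)
    return seen

def foata(word, indep):
    """Canonical form of the trace: each letter is placed one level above
    the highest level holding a letter it depends on; levels are sorted."""
    levels = []
    for x in word:
        k = max((i + 1 for i, lvl in enumerate(levels)
                 if any(not independent(x, y, indep) for y in lvl)), default=0)
        if k == len(levels):
            levels.append([])
        levels[k].append(x)
    return tuple("".join(sorted(lvl)) for lvl in levels)

def same_trace(u, v, indep):
    """Two words denote the same trace iff their normal forms coincide."""
    return foata(u, indep) == foata(v, indep)

# Constructed sample: a and b are independent, c depends on both.
I = {frozenset("ab")}
```

Each level of the normal form is a set of pairwise independent transitions, so it can also be read as a step sequence of the word.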

5  Modular Construction and Refinement of Concurrent Systems

Abstract programming languages are based on the idea of modular construction; their semantics are always compositional.

Petri  nets  per  se  have  no  modular  structure;  only  rather  recently  -  based 
on  the  ideas  from  the  field  of  abstract  programming  languages  -  modular 
construction  techniques  based  on  operators  on  nets  have  been  studied  (see 
[Tau88], [Gol88]). Also, it has been observed by Mazurkiewicz (see his paper
in [Roz88]) that each unlabelled P/T-net (with arrow weights 1) can be
considered  as  composed  of  so-called  atomic  nets  (whose  sets  of  places  contain 
only  one  element)  by  an  operation  of  synchronization  (i.e.  composition  of  nets 
by  building  the  disjoint  union  of  their  places  but  perhaps  identifying  some 
of  their  transitions),  yielding  a  compositional  semantics  for  nets  based  on 
partial  orders. 

Another  way  to  build  complex  structures  is  to  use  refinement  techniques. 
Abstract  programming  languages  pose  problems  with  respect  to  refinement; 
e.g.  bisimulation  is  not  a  congruence  with  respect  to  refinement. 
Example: (see [GG89]): The two terms $P := a\,nil \parallel b\,nil$ and $Q := ab\,nil + ba\,nil$ are bisimulation equivalent but if the action $a$ is refined into the sequential composition of two actions $a_1, a_2$ then we obtain two systems which are not bisimilar:

$$P' := (a_1 a_2\,nil) \parallel b\,nil, \quad Q' := a_1 a_2 b\,nil + b a_1 a_2\,nil$$

Only recently has the problem of refinement for abstract programming languages begun to be studied (see [GG89]).
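The counterexample can be checked mechanically. The following Python sketch is an added illustration, not code from the paper or from [GG89]; it assumes that the parallel operator in this example is pure interleaving (no synchronisation between a and b), and the term encoding as nested tuples is made up for the purpose.

```python
NIL = ("nil",)

def pre(a, p):  return ("pre", a, p)
def plus(p, q): return ("sum", p, q)
def par(p, q):  return ("par", p, q)

def steps(t):
    """Outgoing transitions (action, successor) of a recursion-free term."""
    if t[0] == "pre":
        return {(t[1], t[2])}
    if t[0] == "sum":
        return steps(t[1]) | steps(t[2])
    if t[0] == "par":   # assumption: interleaving, no synchronisation
        return ({(a, par(p, t[2])) for a, p in steps(t[1])} |
                {(a, par(t[1], q)) for a, q in steps(t[2])})
    return set()        # nil

def bisimilar(p, q):
    """Strong bisimilarity; terminates because the terms have no recursion."""
    sp, sq = steps(p), steps(q)
    return (all(any(a == b and bisimilar(p2, q2) for b, q2 in sq) for a, p2 in sp)
            and
            all(any(a == b and bisimilar(p2, q2) for a, p2 in sp) for b, q2 in sq))

def refine(t, action, seq):
    """Replace every prefix `action` by the sequential composition of `seq`."""
    if t[0] == "pre":
        body = refine(t[2], action, seq)
        if t[1] != action:
            return pre(t[1], body)
        for a in reversed(seq):
            body = pre(a, body)
        return body
    if t[0] in ("sum", "par"):
        return (t[0], refine(t[1], action, seq), refine(t[2], action, seq))
    return t

P = par(pre("a", NIL), pre("b", NIL))                        # a nil || b nil
Q = plus(pre("a", pre("b", NIL)), pre("b", pre("a", NIL)))   # ab nil + ba nil
P2 = refine(P, "a", ["a1", "a2"])                            # P'
Q2 = refine(Q, "a", ["a1", "a2"])                            # Q'
```

After a1, the refined P' can still perform b before a2, while Q' has already committed to a2; that is the move Q' cannot match.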

For  Petri  nets  refinement  has  been  considered  from  the  beginning  on  (see 
[Vog89])  -  there  are  even  several  methods  of  refinement:  One  can  refine  single 
transitions  or  single  places  or  one  may  cut  off  a  part  of  a  net  (such  that 
the  boundary  along  the  cut  consists  only  of  transitions  or  only  of  places) 
and  substitute  a  new  net  into  the  remaining  net.  There  are  two  different 
approaches  to  study  this:  Usually  refinement  is  studied  under  the  aspect  of 
preserving  the  behaviour  of  the  original  net;  however,  recently  (influenced  by 
the  abstract  programming  languages)  also  the  situation  is  studied  where  the 
behaviour  is  changed  by  the  refinement,  such  that  the  same  refinements  in 
two  behaviourally  equivalent  nets  result  in  behaviourally  equivalent  refined 
nets. 

A  completely  different  approach  to  refinement  has  been  developed  by 
A. Kiehn (see [Kie89]): Instead of replacing a transition by a net, an incarnation of the refining net is called (like a subroutine). This naturally also allows for recursion. Using this technique a concurrent system is specified by a set of nets which may call each other recursively. For the implementation of such specifications one obviously needs some sort of stack mechanism.